From f37b25a2df462a2d925c9e7309c98cc924fef770 Mon Sep 17 00:00:00 2001 From: Ivan Andreev Date: Sat, 5 Jun 2021 05:34:57 +0300 Subject: [PATCH] ftp: enable tls session cache by default --- backend/ftp/ftp.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/backend/ftp/ftp.go b/backend/ftp/ftp.go index 91c8fad99..fab9bb236 100644 --- a/backend/ftp/ftp.go +++ b/backend/ftp/ftp.go @@ -116,6 +116,14 @@ Set to 0 to keep connections indefinitely. Help: "Maximum time to wait for a response to close.", Default: fs.Duration(60 * time.Second), Advanced: true, + }, { + Name: "tls_cache_size", + Help: `Size of TLS session cache for all control and data connections. +TLS cache allows to resume TLS sessions and reuse PSK between connections. +Increase if default size is not enough resulting in TLS resumption errors. +Enabled by default. Use 0 to disable.`, + Default: 32, + Advanced: true, }, { Name: config.ConfigEncoding, Help: config.ConfigEncodingHelp, @@ -146,6 +154,7 @@ type Options struct { Port string `config:"port"` TLS bool `config:"tls"` ExplicitTLS bool `config:"explicit_tls"` + TLSCacheSize int `config:"tls_cache_size"` Concurrency int `config:"concurrency"` SkipVerifyTLSCert bool `config:"no_check_certificate"` DisableEPSV bool `config:"disable_epsv"` @@ -434,6 +443,9 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (ff fs.Fs ServerName: opt.Host, InsecureSkipVerify: opt.SkipVerifyTLSCert, } + if opt.TLSCacheSize > 0 { + tlsConfig.ClientSessionCache = tls.NewLRUClientSessionCache(opt.TLSCacheSize) + } } u := protocol + path.Join(dialAddr+"/", root) ci := fs.GetConfig(ctx)